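# INPUT firewall: traffic to us
#
# Appends ACCEPT rules for the traffic we expect on the INPUT chain, then
# logs and drops everything else. Requires IPTABLES to hold the iptables
# command; it is expanded unquoted on purpose so a value carrying options
# (e.g. "iptables -w") keeps working. Fail fast when it is unset: otherwise
# every rule below would fail with "command not found" and the script would
# carry on with no policy applied.
: "${IPTABLES:?IPTABLES must name the iptables command}"

# Allow traffic on lo localhost interface
${IPTABLES} -A INPUT --in-interface lo -j ACCEPT

# Allow answers for our own conversations back
${IPTABLES} -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable incoming TCP traffic to the well-known ports we want enabled
# (22 = ssh, 113 = ident). Only NEW connections need a rule here; their
# later packets are covered by the ESTABLISHED,RELATED rule above.
for port in 22 113; do
  ${IPTABLES} -A INPUT -m state --state NEW --proto tcp --destination-port "$port" -j ACCEPT
done

# Enable incoming ping
${IPTABLES} -A INPUT -m state --state NEW --proto icmp --icmp-type echo-request -j ACCEPT

# Enable incoming domain queries from internal net
# "Internal" is enforced only by the inbound interface, not by a source
# address: anything arriving on eth0 matches. Assumes eth0 faces the
# internal network -- confirm. UDP only; TCP/53 is not opened by this rule.
${IPTABLES} -A INPUT -m state --state NEW --proto udp --destination-port 53 --in-interface eth0 -j ACCEPT

# Log and drop the rest
# The LOG rule is unrated, so a packet flood can fill the log; a rate
# limit (e.g. -m limit --limit 5/min --limit-burst 10 ahead of -j LOG)
# bounds that without changing what gets dropped.
${IPTABLES} -A INPUT -j LOG
${IPTABLES} -A INPUT -j DROP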